Symantec Box Ably Melds
Security Tools”>
IT managers who have the luxury of building a completely new security setup at the perimeter of a large branch office should consider Symantec Corp.s Symantec Gateway Security Appliance Version 1.0. However, managers who are augmenting installed security tools may be better off investing in more-focused devices or software, rather than getting the SGSA and discarding the previous investment.
Although its not the biggest bargain in town, at $51,999, the SGSA Model 5300, which shipped this month, combines nearly every conceivable security tool in a slim 1U (1.75-inch) rack-mount appliance: Symantec has stuffed firewall, VPN (virtual private network), intrusion detection, anti-virus and content filtering capabilities into a 1GHz Sun Microsystems Inc. Cobalt Raq XTR box with 1GB of RAM and four RJ-45 network connectors.
Alternatively, Symantec offers the SGSA 5200, which supports 250 protected nodes and costs $23,390, and the 5110, priced at $11,790 for 50 protected nodes. Both of these editions shipped last month.
The SGSA 5300 supports an unlimited number of devices, although the company recommends putting no more than 1,000 nodes behind the appliance.
Building, Maintenance
In eWeek Labs tests, we got the sgsa 5300 up and running in just less than a day. Configuration is ongoing, as it is with comparable security tools such as SonicWall Inc.s GX 2500, NetScreen Technologies Inc.s NetScreen 200 and WatchGuard Technologies Inc.s Firebox 2500. Even though we were up and running relatively quickly, we still devoted at least 20 minutes per day after the product was installed to reviewing reports and making sure the SGSA 5300 was correctly tuned.
We used the SGSA 5300s scheduling tool to update our anti-virus and IDS (intrusion detection system) signatures daily, which took the work out of most of our daily chores. We also fiddled with access rules that allowed us to define good and bad traffic on a nearly daily basis. This means that IT managers should allocate enough staff time to properly maintain the SGSA 5300, especially if the organization is prone to attacks.
The SGSA 5300 runs on a customized version of Red Hat Inc.s Red Hat Linux operating system that has been hardened to withstand determined cracking attacks. However, after going through the standard configuration, it was clear that a little more work was needed on our part to make the product really secure.
The most irksome problems we encountered were revealed when we used testing tools, including Nessus, a Linux-based remote security scanner from The Nessus Project (www.nessus.com), and Nmap, an open-source security auditing utility from www.insecure.org.
For example, Nessus reported the banner for our SMTP proxy, identified the device as a Raptor firewall (the product is based on technology gained when Symantec bought Axent Technologies Inc.) and found at least one vulnerability that bad actors could exploit. We were able to adjust the system to close the holes with help from Symantec. IT managers should take this into account, however, before shipping the units to field offices, since the whole point of the product is to make security as simple as possible for offices that likely dont have security expertise.
Maintenance and reporting are simple, effective routines. In addition to automating anti-virus and IDS signature updates, we got convenient, comprehensive daily reports on attacks detected. We advise IT managers who use the product to get in the habit of reviewing the IDS reports and to use the products ability to send a page or e-mail notification when serious problems are detected.
In tests, it was easy to use the product to provide VPN access as well as restrict and monitor Internet access. The SGSA 5300 has setup wizards that handle most tasks, including setting up VPN access. The product uses Microsoft Corp.s Management Console, or MMC, snap-in, so anyone familiar with that fairly common interface should have little trouble configuring new users and all the SGSA 5300s features.
The SGSA provides all the standard features we expected to see for a perimeter gateway security tool, including network address translation, Triple Data Encryption Standard encryption and configurable Ethernet interfaces to support multiple internal and external network connections for a demilitarized zone and a management network, if needed.
The SGSA can be a single point of failure in the network and lacks dual power supplies. Furthermore, Symantec charges full price for a second unit to use in hot-standby mode. Multiple units (as many as eight) can be cabled together and managed as a cluster in several high-availability configurations.
Senior Analyst Cameron Sturdevant is at cameron_sturdevant@ziffdavis.com.
Symantec Gateway Security Appliance
5300 1.0″> Symantec Gateway Security Appliance 5300 1.0
USABILITY |
Excellent |
CAPABILITY |
Good |
PERFORMANCE |
Good |
INTEROPERABILITY |
Excellent |
MANAGEABILITY |
Excellent |
SCALABILITY |
Good |
SECURITY |
Fair |
Version 1.0 of Symantecs SGSA 5300 is a good all-in-one device for securing the perimeter of large branch offices and small enterprises that need an easily configured firewall, VPN, IDS, content filter and anti-virus protection. However, the device needs a few tweaks to make it a good choice for handling most security duties for offices that must protect 1,000 or fewer users. IT managers will want to spend some time with the product on a daily basis, both to see what SGSA is finding and to do a once-over to make sure the virus and attack definition signatures are up-to-date.
Cost Analysis
Although the initial costs are a bit steep, the SGSA 5300s $51,999 list price is not out of line for the number and strength of functions it provides. IT managers should plan to build in at least 3 to 5 hours per week of ongoing staff time to monitor and fine-tune the configuration of the Gateway Security Appliance. IT departments should also keep in mind that several components, including the anti-virus and IDS signatures, carry a yearly subscription charge after the first year of included support.
(+) Puts all security functions in one easily managed box; reports and maintenance are conveniently managed with wizards and an MMC snap-in; sends alerts when serious problems are encountered.
(-) Initial configuration exposes a couple of potentially serious security compromises; product can be a single point of failure if used alone.
Evaluation Short List
•SonicWalls GX 2500
•NetScreen Technologies NetScreen 200
www.symantec.com
Related Story:
- Knowing Components History Can Help